Spring Core RCE - CVE-2022-22963

Following Spring Cloud, on March 29, another heavyweight vulnerability of Spring broke out on the Internet: Spring Core RCE

The Circulating coding poc:

The exploit has been uploaded as exp.py

The official Spring patch is also in active production

Patch Links in Spring Production

---

The vulnerability affects:

1. jdk version 9 and above
2. using Spring Framework or derivative frameworks

Bug fix suggestion

At present, Spring has not officially released a patch and as a result, it is recommended to lower your jdk version as a temporary solution.